On 3/21/2011 7:01 PM, Massimiliano Pala wrote:
> Hi all, I was wondering: how do I verify if a pkey used in an ECDSA
> certificate is on one specific curve?

The certificate should have as part of the Public Key Info the OID of the curve used (or the parameters of the curve).

> Or, better, how to easily print out the txt identifier of the curve
> used in a certificate?

The openssl x509 -text ... will print the curve name:

    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
        EC Public Key:
            pub:
                04:28:7a:4d:f3:65:ee:57:76:df:7d:dd:8a:04:83:
                5b:47:df:22:b5:ff:f2:20:9c:50:22:d4:8a:7d:01:
                1f:e2:37:d9:f8:05:fb:a9:b6:90:d9:87:3c:7d:05:
                05:f7:60:09:95:b0:43:84:27:36:36:c0:78:73:61:
                59:73:43:b2:ed:b1:40:22:ae:6d:85:1e:25:b5:75:
                d4:ab:c2:94:63:15:52:cf:48:55:a1:67:eb:94:af:
                fe:a4:7d:8c:37:37:e2
            ASN1 OID: secp384r1
    ...

> That would be a useful addition to the output in an ECDSA certificate.
> Something like:
>
>     ...
>     Curve Name: secp384r1
>     ...
>
> Or better, is there an easy way to know if a curve is one of the NIST
> approved (SuiteB) ones?

See Peter's note on the list of NIST OIDs.

> Cheers,
> Max
--

 Douglas E. Engert  <deeng...@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
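
Added example, not part of the original thread and not OpenSSL code: a standard-library Python check that reads the named-curve OID from a DER-encoded SubjectPublicKeyInfo and tests it against the two Suite B curves (P-256 and P-384), rejecting keys that carry explicit curve parameters instead of an OID. The function names and the sample bytes are assumptions made for this illustration.

```python
# Added example: curve OID lookup on a DER SubjectPublicKeyInfo (stdlib only).
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
SUITE_B = {"1.2.840.10045.3.1.7": "prime256v1",  # P-256
           "1.3.132.0.34": "secp384r1"}          # P-384

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted form."""
    subs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends a sub-identifier
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def spki_curve(spki):
    """Return (curve_oid, Suite B name or None) for an EC SubjectPublicKeyInfo."""
    tag, outer, _ = read_tlv(spki, 0)
    alg_tag, alg, _ = read_tlv(outer, 0)
    if tag != 0x30 or alg_tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    oid_tag, alg_oid, pos = read_tlv(alg, 0)
    if oid_tag != 0x06 or decode_oid(alg_oid) != ID_EC_PUBLIC_KEY:
        raise ValueError("not an id-ecPublicKey key")
    par_tag, params, _ = read_tlv(alg, pos)
    if par_tag != 0x06:                    # explicit parameters: no OID to compare
        raise ValueError("curve given as explicit parameters, not a named curve")
    oid = decode_oid(params)
    return oid, SUITE_B.get(oid)

# Constructed sample: P-384 SPKI header followed by an all-zero placeholder
# point (not a real key; only the AlgorithmIdentifier is inspected).
SAMPLE_SPKI = bytes.fromhex("3076301006072a8648ce3d020106052b8104002203620004") + bytes(96)
```

The DER input for a real certificate can be produced with `openssl x509 -in cert.pem -noout -pubkey | openssl pkey -pubin -outform DER`, where cert.pem is a placeholder file name.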